Ā”Bienvenidos to 2025 – the “breakout year” for AI-driven social engineering! š¤”
Today’s LLMs can search the web in real time, while AI agents take it furtherāautonomously designing workflows and using discovered information to inform their attacks.
It no longer seems like hyperbole to imagine an AI-based bot that can perfectly tailor social engineering attacks to specific individuals. All it needs is a threat actor to set it in motion.
ā”The Speed Advantage
AI helps threat actors carry out more attacks in less time. While generative AI tools can generate technically perfect prose in virtually all major world languages, they’re also concealing the most obvious social-engineering tells and fooling more victims.
According to IBM’s X-Force research (https://lnkd.in/d_PJcEPK), while a phishing email typically takes my team about 16 hours to craft, the AI phishing email was generated in just five minutes with only five simple prompts.
Add deepfake technology into the mix, and AI models can now create fake images, audio, and even video calls, lending further credibility to their schemes.
š© The Red Flags of AI-Driven Social Engineering
Strong emotions – A significant request, delivered with intense emotion, should be a sign to stop and think.
Recycled plots –Ā the craftiest attackers personalize their stories as much as possible.
Don’t forget: While technical deepfake detection tools are emerging, they’re in a constant arms race with the creation technology. For now, the most reliable defense is procedural. Organizations must build in simple, required verification steps for any sensitive or unusual request.
Super cool source from IBM: https://lnkd.in/d7Uvyuvt
hashtag#Cybersecurity hashtag#ArtificialIntelligence hashtag#SocialEngineering hashtag#DigitalSecurity